Vulnerability CVE-2010-1615

Vulnerability Name:

CVE-2010-1615 (CCN-57553)

Assigned:

2010-04-06

Published:

2010-04-06

Updated:

2020-12-01

Summary:

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-89

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2010-1615

Source: CONFIRM
Type: UNKNOWN
http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=1.2.4.2&r2=1.2.4.3

Source: CONFIRM
Type: UNKNOWN
http://cvs.moodle.org/moodle/mod/wiki/view.php?r1=1.76.2.6&r2=1.76.2.7

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:011

Source: CCN
Type: MSA-10-0005
Incorrect validation of forms data

Source: CONFIRM
Type: UNKNOWN
http://moodle.org/security/

Source: DEBIAN
Type: DSA-2115
moodle -- several vulnerabilities

Source: CCN
Type: BID-39150
Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2010-1107

Source: XF
Type: UNKNOWN
moodle-multipleforms-sql-injection(57553)

Source: SUSE
Type: SUSE-SR:2010:011
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:moodle:moodle:1.8.6:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.11:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.4:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.5:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.8:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.2:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.1:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.7:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.9:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.3:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.10:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.6:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.9.7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:moodle:moodle:1.9.7:*:*:*:*:*:*:*

OR cpe:/a:moodle:moodle:1.8.11:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2010-1615 (CCN-57554)

Assigned:

2010-04-06

Published:

2010-04-06

Updated:

2010-05-22

Summary:

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-89

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2010-1615

Source: CCN
Type: MSA-10-0006
SQL injection in Wiki module

Source: DEBIAN
Type: DSA-2115
moodle -- several vulnerabilities

Source: CCN
Type: BID-39150
Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
moodle-wikimodule-sql-injection(57554)

Source: SUSE
Type: SUSE-SR:2010:011
SUSE Security Summary Report

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20101615	V	CVE-2010-1615	2015-11-16
oval:org.mitre.oval:def:11823	P	DSA-2115-2 moodle -- several	2014-06-23
oval:org.mitre.oval:def:12759	P	DSA-2115-1 moodle -- several	2014-06-23
oval:org.debian:def:2115	V	several vulnerabilities	2010-09-29
oval:com.ubuntu.precise:def:20101615000	V	CVE-2010-1615 on Ubuntu 12.04 LTS (precise) - medium.	2010-04-29

BACK